[SCSI] fusion - bug fix stack overflow in mptbase
authorEric Moore <eric.moore@lsil.com>
Wed, 26 Apr 2006 19:22:37 +0000 (13:22 -0600)
committerJames Bottomley <jejb@mulgrave.il.steeleye.com>
Thu, 27 Apr 2006 18:59:30 +0000 (13:59 -0500)
Bug fix for stack overflow in EventDescriptionStr (a function
for debugging firmware events).  We allocated 50 bytes on the local stack
for buf[]; however, there are places in the code where we've attempted
to copy more than 50 bytes into buf[].

Signed-off-by: Eric Moore <Eric.Moore@lsil.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
drivers/message/fusion/mptbase.c

index 5fe6e8d..9080853 100644 (file)
@@ -5735,12 +5735,13 @@ mpt_HardResetHandler(MPT_ADAPTER *ioc, int sleepFlag)
        return rc;
 }
 
+# define EVENT_DESCR_STR_SZ            100
+
 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
 static void
 EventDescriptionStr(u8 event, u32 evData0, char *evStr)
 {
-       char *ds;
-       char buf[50];
+       char *ds = NULL;
 
        switch(event) {
        case MPI_EVENT_NONE:
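Review bot: EventDescriptionStr now writes up to EVENT_DESCR_STR_SZ bytes through `evStr`, but the signature carries no length, so the size contract exists only in the caller's declaration. A comment above the function would make it explicit, for example `/* evStr must point to a buffer of at least EVENT_DESCR_STR_SZ bytes */`; passing the size as a parameter would be stronger if there are callers other than ProcessEventNotification, which cannot be confirmed from these hunks. The `# define` spelling with a space after `#` is also unusual for this file's visible style; `#define EVENT_DESCR_STR_SZ 100` reads more conventionally. The function body continues outside the hunk.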
@@ -5777,9 +5778,9 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
                if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LIP)
                        ds = "Loop State(LIP) Change";
                else if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LPE)
-                       ds = "Loop State(LPE) Change";                  /* ??? */
+                       ds = "Loop State(LPE) Change";          /* ??? */
                else
-                       ds = "Loop State(LPB) Change";                  /* ??? */
+                       ds = "Loop State(LPB) Change";          /* ??? */
                break;
        case MPI_EVENT_LOGOUT:
                ds = "Logout";
@@ -5845,22 +5846,28 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
                u8 ReasonCode = (u8)(evData0 >> 16);
                switch (ReasonCode) {
                case MPI_EVENT_SAS_DEV_STAT_RC_ADDED:
-                       sprintf(buf,"SAS Device Status Change: Added: id=%d", id);
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                           "SAS Device Status Change: Added: id=%d", id);
                        break;
                case MPI_EVENT_SAS_DEV_STAT_RC_NOT_RESPONDING:
-                       sprintf(buf,"SAS Device Status Change: Deleted: id=%d", id);
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                           "SAS Device Status Change: Deleted: id=%d", id);
                        break;
                case MPI_EVENT_SAS_DEV_STAT_RC_SMART_DATA:
-                       sprintf(buf,"SAS Device Status Change: SMART Data: id=%d", id);
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                           "SAS Device Status Change: SMART Data: id=%d",
+                           id);
                        break;
                case MPI_EVENT_SAS_DEV_STAT_RC_NO_PERSIST_ADDED:
-                       sprintf(buf,"SAS Device Status Change: No Persistancy Added: id=%d", id);
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                           "SAS Device Status Change: No Persistancy "
+                           "Added: id=%d", id);
                        break;
                default:
-                       sprintf(buf,"SAS Device Status Change: Unknown: id=%d", id);
-               break;
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                           "SAS Device Status Change: Unknown: id=%d", id);
+                       break;
                }
-               ds = buf;
                break;
        }
        case MPI_EVENT_ON_BUS_TIMER_EXPIRED:
@@ -5883,34 +5890,40 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
                        MPI_EVENT_SAS_PLS_LR_CURRENT_SHIFT;
                switch (LinkRates) {
                case MPI_EVENT_SAS_PLS_LR_RATE_UNKNOWN:
-                       sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                          "SAS PHY Link Status: Phy=%d:"
                           " Rate Unknown",PhyNumber);
                        break;
                case MPI_EVENT_SAS_PLS_LR_RATE_PHY_DISABLED:
-                       sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                          "SAS PHY Link Status: Phy=%d:"
                           " Phy Disabled",PhyNumber);
                        break;
                case MPI_EVENT_SAS_PLS_LR_RATE_FAILED_SPEED_NEGOTIATION:
-                       sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                          "SAS PHY Link Status: Phy=%d:"
                           " Failed Speed Nego",PhyNumber);
                        break;
                case MPI_EVENT_SAS_PLS_LR_RATE_SATA_OOB_COMPLETE:
-                       sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                          "SAS PHY Link Status: Phy=%d:"
                           " Sata OOB Completed",PhyNumber);
                        break;
                case MPI_EVENT_SAS_PLS_LR_RATE_1_5:
-                       sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                          "SAS PHY Link Status: Phy=%d:"
                           " Rate 1.5 Gbps",PhyNumber);
                        break;
                case MPI_EVENT_SAS_PLS_LR_RATE_3_0:
-                       sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                          "SAS PHY Link Status: Phy=%d:"
                           " Rate 3.0 Gpbs",PhyNumber);
                        break;
                default:
-                       sprintf(buf,"SAS PHY Link Status: Phy=%d", PhyNumber);
+                       snprintf(evStr, EVENT_DESCR_STR_SZ,
+                          "SAS PHY Link Status: Phy=%d", PhyNumber);
                        break;
                }
-               ds = buf;
                break;
        }
        case MPI_EVENT_SAS_DISCOVERY_ERROR:
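Review bot: The context line `" Rate 3.0 Gpbs",PhyNumber);` in the MPI_EVENT_SAS_PLS_LR_RATE_3_0 case misspells the unit, while the 1.5 case directly above prints `Gbps`. Since these lines are being touched anyway, correcting it to `" Rate 3.0 Gbps",PhyNumber);` keeps the two messages consistent for anyone matching on them in logs. The enclosing switch starts outside the hunk.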
@@ -5919,8 +5932,8 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
        case MPI_EVENT_IR_RESYNC_UPDATE:
        {
                u8 resync_complete = (u8)(evData0 >> 16);
-               sprintf(buf,"IR Resync Update: Complete = %d:",resync_complete);
-               ds = buf;
+               snprintf(evStr, EVENT_DESCR_STR_SZ,
+                   "IR Resync Update: Complete = %d:",resync_complete);
                break;
        }
        case MPI_EVENT_IR2:
@@ -5973,7 +5986,8 @@ EventDescriptionStr(u8 event, u32 evData0, char *evStr)
                ds = "Unknown";
                break;
        }
-       strcpy(evStr,ds);
+       if (ds)
+               strncpy(evStr, ds, EVENT_DESCR_STR_SZ);
 }
 
 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
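Review bot: `strncpy(evStr, ds, EVENT_DESCR_STR_SZ)` does not NUL-terminate the destination when the source is EVENT_DESCR_STR_SZ bytes or longer, and it zero-pads the whole buffer on every call. The literals visible in these hunks are all short, so this is latent rather than live, but a copy that always terminates is the safer form: `strlcpy(evStr, ds, EVENT_DESCR_STR_SZ);`. Separately, with `ds` now initialised to NULL, any switch case that sets neither `ds` nor `evStr` would leave `evStr` unwritten and the caller would then print uninitialised stack contents. Most of the cases lie outside the hunks, so it is worth confirming that every path assigns one of the two.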
@@ -5995,7 +6009,7 @@ ProcessEventNotification(MPT_ADAPTER *ioc, EventNotificationReply_t *pEventReply
        int ii;
        int r = 0;
        int handlers = 0;
-       char evStr[100];
+       char evStr[EVENT_DESCR_STR_SZ];
        u8 event;
 
        /*